Added endpoint validation for Service Bus namespace (#2347)

[xiangyan99]

• Added endpoint validation for Service Bus namespace

• updates

What does this PR do?

[Provide a clear, concise description of the changes]

[Add additional context, screenshots, or information that helps reviewers]

GitHub issue number?

[Link to the GitHub issue this PR addresses]

Pre-merge Checklist

• Required for All PRs
  • Read contribution guidelines
  • PR title clearly describes the change
  • Commit history is clean with descriptive messages (cleanup guide)
  • Added comprehensive tests for new/modified functionality
  • Created a changelog entry if the change falls among the following: new feature, bug fix, UI/UX update, breaking change, or updated dependencies. Follow the changelog entry guide
• For MCP tool changes:
  • One tool per PR: This PR adds or modifies only one MCP tool for faster review cycles
  • Updated servers/Azure.Mcp.Server/README.md and/or servers/Fabric.Mcp.Server/README.md documentation
  • Validate README.md changes running the script ./eng/scripts/Process-PackageReadMe.ps1. See Package README
  • For new or modified tool descriptions, ran ToolDescriptionEvaluator and obtained a score of 0.4 or more and a top 3 ranking for all related test prompts
  • For tools with new names, including new tools or renamed tools, update consolidated-tools.json
  • For renamed tools, follow the Tool Rename Checklist and tag the PR with the breaking-change label
  • For new tools associated with Azure services or publicly available tools/APIs/products, add URL to documentation in the PR description
• Extra steps for Azure MCP Server tool changes:
  • Updated command list in servers/Azure.Mcp.Server/docs/azmcp-commands.md
  • Ran ./eng/scripts/Update-AzCommandsMetadata.ps1 to update tool metadata in azmcp-commands.md (required for CI)
  • Updated test prompts in servers/Azure.Mcp.Server/docs/e2eTestPrompts.md
  • 👉 For Community (non-Microsoft team member) PRs:
    • Security review: Reviewed code for security vulnerabilities, malicious code, or suspicious activities before running tests (crypto mining, spam, data exfiltration, etc.)
    • Manual tests run: added comment /azp run mcp - pullrequest - live to run Live Test Pipeline

[Copilot]

Pull request overview

This PR strengthens Azure Service Bus tooling by validating the --namespace/namespaceName input against allowed Azure Service Bus domain suffixes (per cloud), preventing attacker-controlled endpoints and non-host values from being used.

Changes:

• Added servicebus allowed domain suffixes to the shared EndpointValidator and expanded its unit test coverage.
• Added namespace host validation inside ServiceBusService before creating Service Bus clients.
• Added Service Bus-specific unit tests and a server changelog entry documenting the update.

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
tools/Azure.Mcp.Tools.ServiceBus/tests/Azure.Mcp.Tools.ServiceBus.UnitTests/Services/ServiceBusServiceNamespaceValidationTests.cs	Adds unit tests ensuring ServiceBusService rejects attacker-controlled/non-host namespace inputs.
tools/Azure.Mcp.Tools.ServiceBus/src/Services/ServiceBusService.cs	Adds ValidateNamespace() and calls it from all Service Bus operations.
servers/Azure.Mcp.Server/changelog-entries/1775486458224.yaml	Adds changelog entry describing the new endpoint/namespace validation.
core/Microsoft.Mcp.Core/tests/Microsoft.Mcp.Core.UnitTests/Helpers/EndpointValidatorTests.cs	Adds servicebus coverage across public + sovereign cloud environments.
core/Microsoft.Mcp.Core/src/Helpers/EndpointValidator.cs	Adds Service Bus suffix mapping to GetAllowedDomainSuffixes().